[Feature]: SSO Support (User Creation and Login) #1490
Comments
|
My understanding is that most of the login logic is here: https://github.com/webrecorder/browsertrix-cloud/blob/b252931c71a35f8cd2a1159935528ecd69115fe5/backend/btrixcloud/auth.py#L169C5-L229C41 Implementing direct SSO is another story, but if you agree I could test and see if the above approach can be easily done. |
|
Thank you for working on this, yes, would be happy to accept the initial implementation. Will leave comments in the PR. |
emma-sg
added
front end
Context
In large organizations it is difficult to manually manage all users that should have access to an instance, and is generally good practice to assign users to groups with permissions to SSO in the required applications.
I've found some issue requests linked to this that have been closed, one of those: #244 was closed given that there is API support for adding users.
However my understanding is that this still does not allow SSO and whilst it might provide admins some kind of endpoint to more easily create users, the created users are still independent, with different login credentials than what the users normally expect, which is also not ideal in lots of enterprise developments.
I've not dug too much into the current auth structure of Btrix but have already had some project where I implemented SSO directly and indirectly and can take a look at it if somebody can give me some starting point.
What change would you like to see?
As a user I'd like to be able to simply login with my institutional credentials.
As an admin I'd like to be able to add users to groups depending on their role, and have them login to Btrix with SSO through SAML/OIDC either with direct support, or through header authentication with a front proxy handling SAML/OIDC.
User should be automatically created if needed and assigned to orgs automatically based on group membership.
Requirements
No response
Todo
No response
The text was updated successfully, but these errors were encountered: